CVE-2024-0853 Information
Feb 04, 2024
cve
Description
curl inadvertently kept the SSL session ID for connections in its cache even when the verify status (OCSP stapling) test failed. A subsequent transfer to the same hostname could then succeed if the session ID cache was still fresh, which then skipped the verify status check.
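The ordering problem described above, as a small C model. This is an added example, not curl's code: the cache structure, function names, host name and the evict-on-failure variant are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
/* Toy model of a TLS session cache; not curl's code, all names hypothetical. */
#define SLOTS 4
struct cache { char host[SLOTS][64]; int used[SLOTS]; };

static int cache_find(const struct cache *c, const char *host) {
    for (int i = 0; i < SLOTS; i++)
        if (c->used[i] && strcmp(c->host[i], host) == 0) return i;
    return -1;
}

static void cache_add(struct cache *c, const char *host) {
    for (int i = 0; i < SLOTS; i++)
        if (!c->used[i]) {
            snprintf(c->host[i], sizeof c->host[i], "%s", host);
            c->used[i] = 1;
            return;
        }
}

/* Returns 1 if the transfer is allowed, 0 if refused.
 * staple_ok: what the OCSP stapling check yields on a full handshake.
 * hardened:  0 = behaviour in the description, 1 = evict on failure. */
int transfer(struct cache *c, const char *host, int staple_ok, int hardened) {
    int slot = cache_find(c, host);
    if (slot >= 0)
        return 1;                /* resumed session: status check skipped */
    cache_add(c, host);          /* full handshake caches the session first */
    if (!staple_ok) {
        slot = cache_find(c, host);
        if (hardened && slot >= 0)
            c->used[slot] = 0;   /* failed check evicts the session */
        return 0;                /* this transfer is refused either way */
    }
    return 1;
}

/* Two transfers to one host whose staple fails; returns the second result. */
int second_transfer_result(int hardened) {
    struct cache c;
    memset(&c, 0, sizeof c);
    (void)transfer(&c, "example.test", 0, hardened);  /* constructed host name */
    return transfer(&c, "example.test", 0, hardened);
}

int main(void) {
    printf("flawed=%d hardened=%d\n", second_transfer_result(0), second_transfer_result(1));
    return 0;
}
```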
Reference
https://curl.se/docs/CVE-2024-0853.json
https://curl.se/docs/CVE-2024-0853.html
https://hackerone.com/reports/2298922